Re: 2048-bit RSA keys

2010-08-17 Thread Simon Josefsson
Bill Stewart bill.stew...@pobox.com writes: Basically, 2048's safe with current hardware until we get some radical breakthrough like P==NP or useful quantum computers, and if we develop hardware radical enough to use a significant fraction of the solar output, we'll probably find it much

Re: 2048-bit RSA keys

2010-08-17 Thread Perry E. Metzger
On Tue, 17 Aug 2010 22:32:52 +0200 Simon Josefsson si...@josefsson.org wrote: Bill Stewart bill.stew...@pobox.com writes: Basically, 2048's safe with current hardware until we get some radical breakthrough like P==NP or useful quantum computers, and if we develop hardware radical enough

Re: A mighty fortress is our PKI, Part II

2010-08-17 Thread Jerry Leichter
On Aug 17, 2010, at 4:20 AM, Peter Gutmann wrote: Your code-signing system should create a tamper-resistant audit trail [0] of every signature applied and what it's applied to. Peter. [0] By this I don't mean the usual cryptographic Rube-Goldbergery, just log the details to a separate

Re: Has there been a change in US banking regulations recently?

2010-08-17 Thread Steven Bellovin
On Aug 16, 2010, at 9:19 49PM, John Gilmore wrote: who's your enemy? The NSA? The SVR? Or garden-variety cybercrooks? Enemy? We don't have to be the enemy for someone to crack our security. We merely have to be in the way of something they want; or to be a convenient tool or foil in

Re: 2048-bit RSA keys

2010-08-17 Thread Samuel Neves
On 17-08-2010 21:42, Perry E. Metzger wrote: On Tue, 17 Aug 2010 22:32:52 +0200 Simon Josefsson si...@josefsson.org wrote: Bill Stewart bill.stew...@pobox.com writes: Basically, 2048's safe with current hardware until we get some radical breakthrough like P==NP or useful quantum computers,

Re: About that Mighty Fortress... What's it look like?

2010-08-17 Thread David G. Koontz
On 18/08/10 3:46 AM, Peter Gutmann wrote: Alexander Klimov alser...@inbox.ru writes: Each real-time check reveals your interest in the check. What about privacy implications? (Have you ever seen a PKI or similar key-using design where anyone involved in speccing or deploying it genuinely

Re: 2048-bit RSA keys

2010-08-17 Thread Steven Bellovin
On Aug 17, 2010, at 5:19 10PM, Samuel Neves wrote: On 17-08-2010 21:42, Perry E. Metzger wrote: On Tue, 17 Aug 2010 22:32:52 +0200 Simon Josefsson si...@josefsson.org wrote: Bill Stewart bill.stew...@pobox.com writes: Basically, 2048's safe with current hardware until we get some radical

Re: 2048-bit RSA keys

2010-08-17 Thread Samuel Neves
Forwarded at Andrew's request. Original Message Subject: Re: 2048-bit RSA keys Date: Tue, 17 Aug 2010 19:11:55 -0500 (CDT) From: Andrew Odlyzko odly...@umn.edu To: Samuel Neves sne...@dei.uc.pt CC: cryptography@metzdowd.com It is not unreasonable to

Re: 2048-bit RSA keys

2010-08-17 Thread Paul Wouters
On Tue, 17 Aug 2010, Steven Bellovin wrote: They also suggest that a 3-4 year phase-out of 1024-bit moduli is the proper course. Note that this is because they take into consideration that secrets have to be unbreakable for decade(s), which is not the case for all uses of RSA. For example in

Re: Has there been a change in US banking regulations recently?

2010-08-17 Thread James A. Donald
On 2010-08-15 7:59 AM, Thor Lancelot Simon wrote: Indeed. The way forward would seem to be ECC, but show me a load balancer or even a dedicated SSL offload device which supports ECC. For sufficiently strong security, ECC beats factoring, but how strong is sufficiently strong? Do you have

Re: 2048-bit RSA keys

2010-08-17 Thread James A. Donald
On 2010-08-17 3:46 PM, Jonathan Katz wrote: Many on the list may already know this, but I haven't seen it mentioned on this thread. The following paper (that will be presented at Crypto tomorrow!) is most relevant to this discussion: Factorization of a 768-bit RSA modulus,